php - Do I need to use mysql_real_escape_string on all form inputs? -

-

i know need use them on user input fields such username entry field, radio buttons such gender option?

stop!

you seem confusing escaping data validation , data sanitization.

you need validate data comes in. yes, means making sure radio buttons contain legal values.

you need sanitize data comes in. should text field contain html? no? strip_tags. should field number? cast integer.

you need escape data place in database. if you're still using prehistoric "mysql" extension, means using mysql_real_escape_string on as build query -- not before.

you need escape data echo user. htmlspecialchars friend.

i've explained in more detail, though not duplicate question.


Comments

Post a Comment

Popular posts from this blog

how to build hyperlink for query string in php -

-
i have question, how can add variable in current url book.php?action=addressbook i want add book.php?action=addressbook&page=2 how generate hyperlink this, have tried using $_server['php_self'] query string not included in url showing that book.php?page=2 i want append other variables query string please you can use http_build_query(); append more params url $params = $_get; $params["item"] = 45; $new_query_string = http_build_query($params); for instance: $data = array('page'=> 34, 'item' => 45); echo http_build_query($data); //page=34&item=45 or include amp echo http_build_query($data, '', '&'); //page=34&&item=45
Read more

php - What is the difference between $_SERVER['PATH_INFO'] and $_SERVER['ORIG_PATH_INFO']? -

-
what’s difference between $_server['path_info'] , $_server['orig_path_info'] ? how use them? when run print_r($_server) , path_info , orig_path_info not present in array. why not? how can enable them? i have read php manual on them, still don’t understand them. the path_info variable present if invoke php script this: http://www.example.com/phpinfo.php/hello_there it's /hello_there part after .php script. if don't invoke url that, there won't $_server["path_info"] environment variable. the porig_ prefix uncommon. path_info standard cgi-environment variable, , should never prefixed. did read that? (there issues around php3/php4 if invoked php interpreter via cgi-bin/ - hardly has such setups today.) for reference: http://www.ietf.org/rfc/rfc3875
Read more

queue - mq_receive: message too long -

-
i implementing communication between 2 processes using queue. problem when call function mq_receive, error: message long. i have done following: struct mq_attr attr; long size = attr.mq_msgsize; .... // initializing queue "/gateway" int rc = mq_receive(gateway, buffer, size, &prio); if print size value, size=1, while when print same size program (got same mechanism), not long integer ( -1217186280 )... how can solve error?....so while size = 1, believe it's right "message long" why 1? p.s. have tried put : int rc = mq_receive(gateway, buffer, sizeof(buffer), &prio); but no result. it seems need read docs more carefully. when call mq_receive should pass size of destination buffer. this size must greater mq_msgsize attribute of queue . in addition, seems have error in queue attributes initialisation makes proper mq_receive call impossible. here standard message queue session: fill mq_attr struct ( doc ): struct mq_a...
Read more